<?php
// Directory of the WHMCS installation, relative to the web server's document root.
$whmcs_path = "whmcs";

// Pull in dbconnect.php from that installation; the rest of this script calls
// mysql_* functions and reads $_SESSION without setting either up itself.
require $_SERVER['DOCUMENT_ROOT'] . "/" . $whmcs_path . "/dbconnect.php";

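// "Who is on duty" lookup: for a logged-in admin that passes ?w=..., print the
// operator scheduled for the current shift slot and stop.
if (isset($_SESSION["adminid"]) && isset($_REQUEST["w"]))
{
  // Read the clock once so hour and weekday cannot disagree if the request
  // straddles an hour or day boundary.
  $now     = time();
  $hour    = (int)date("G", $now);   // 0..23
  $weekday = (int)date("N", $now);   // 1 (Monday) .. 7 (Sunday)

  // Four slots per weekday. From 23:00 on, the slot counts as the first slot
  // of the following day (offset 4), exactly as the original arithmetic did.
  if ($hour < 8)
    $slot = 0;
  else if ($hour < 12)
    $slot = 1;
  else if ($hour < 17)
    $slot = 2;
  else if ($hour < 23)
    $slot = 3;
  else
    $slot = 4;
  $current_shift = $slot + 4 * ($weekday - 1);

  $schedules = mysql_query("SELECT * FROM mod_schedule WHERE 1 ORDER BY priority ASC;");
  while ($schedules && ($admin = mysql_fetch_assoc($schedules)))
  {
    // Match slot numbers as validated integers. A loose in_array() treats an
    // empty or non-numeric entry as equal to slot 0 on PHP versions before 8,
    // which would put an admin with an empty schedule on duty in slot 0.
    $on_duty = false;
    foreach (explode(",", $admin["schedule"]) as $entry)
    {
      $entry = trim($entry);
      if (preg_match('/^[0-9]+$/', $entry) && (int)$entry === $current_shift)
      {
        $on_duty = true;
        break;
      }
    }
    if (!$on_duty)
      continue;

    // Separate result variable: the original reused $r here and clobbered the
    // outer result set it was still iterating. The id is cast before it is
    // placed in the SQL text.
    $found = mysql_query("SELECT * FROM tbladmins WHERE id='".intval($admin["adminid"])."';");
    $a = $found ? mysql_fetch_assoc($found) : false;
    if (!$a)
      continue; // schedule row without a matching admin record: try the next priority

    // Names come from the database and are written into HTML, so escape them.
    exit("Current Operator: <b>".htmlspecialchars($a["firstname"]." ".$a["lastname"], ENT_QUOTES, 'UTF-8')."</b>");
  }
  exit("Current Operator: <b>nobody</b>");
}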

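// ---------------------------------------------------------------------------
// AJAX operations for the schedule / day-off module, selected by ?op=...
//
// Security notes for maintainers:
//  * Every value taken from $_REQUEST is cast, escaped or checked against a
//    whitelist before it reaches SQL, and every value written into HTML or an
//    inline onClick handler is encoded for that context.
//  * NOTE(review): the state-changing operations accept GET as well as POST
//    (they read $_REQUEST) and carry no anti-CSRF token.
//  * NOTE(review): submit_ar, delRequest, approveRequest and rejectRequest act
//    on the adminid sent by the client and only require a logged-in session.
//    Which role may act on another admin's request is not visible in this
//    file; confirm the policy and enforce it here.
//  * NOTE(review): raw mysql_error() text is still returned to the client.
//  * The mysql_* extension was removed in PHP 7. The connection appears to be
//    opened by dbconnect.php, so a move to prepared statements starts there.
// ---------------------------------------------------------------------------

if (!function_exists('mod_schedule_h'))
{
  /** HTML-escape a value for element content or a quoted attribute. */
  function mod_schedule_h($value)
  {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
  }
}

if (!function_exists('mod_schedule_js'))
{
  /**
   * Encode a value as a JavaScript string literal that is safe to place
   * inside an HTML attribute (JSON-encode first, then HTML-escape).
   */
  function mod_schedule_js($value)
  {
    $json = json_encode((string)$value);
    if ($json === false)
      $json = '""'; // not valid UTF-8: emit an empty literal instead of broken script
    return htmlspecialchars($json, ENT_QUOTES, 'UTF-8');
  }
}

if (!function_exists('mod_schedule_req'))
{
  /** Return a request parameter as a string; "" when absent or not scalar. */
  function mod_schedule_req($key)
  {
    return (isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key])) ? (string)$_REQUEST[$key] : "";
  }
}

if (!function_exists('mod_schedule_can_manage'))
{
  /** True when the logged-in admin's role holds permission 64. */
  function mod_schedule_can_manage()
  {
    $res = mysql_query("SELECT permid FROM tbladmins JOIN tbladminperms ON tbladmins.roleid = tbladminperms.roleid WHERE permid=64 AND tbladmins.id=". intval($_SESSION["adminid"]));
    return $res && mysql_num_rows($res) > 0;
  }
}

if (isset($_SESSION["adminid"]) && isset($_REQUEST["op"]))
{
  $op = mod_schedule_req("op");

  // --- us: replace an admin's schedule string (permission 64 required) ------
  if (($op === "us") && isset($_REQUEST["id"]) && isset($_REQUEST["s"]) && mod_schedule_can_manage())
  {
    $id = intval($_REQUEST["id"]);
    $exists = mysql_query("SELECT * FROM mod_schedule WHERE (adminid='".$id."');");
    if ($exists && mysql_num_rows($exists) && mysql_query("UPDATE mod_schedule SET schedule='".mysql_real_escape_string(mod_schedule_req("s"))."' WHERE (adminid='".$id."');"))
      exit("1");
    else
      exit(mysql_error());
  }
  // --- usa: update salary type and salary -----------------------------------
  // The original ran this for any logged-in admin; it now uses the same
  // permission gate as the sibling "us" and "co" operations.
  else if (($op === "usa") && isset($_REQUEST["id"]) && isset($_REQUEST["sat"]) && isset($_REQUEST["sa"]) && mod_schedule_can_manage())
  {
    $id = intval($_REQUEST["id"]);
    $exists = mysql_query("SELECT * FROM mod_schedule WHERE (adminid='".$id."');");
    if ($exists && mysql_num_rows($exists) && mysql_query("UPDATE mod_schedule SET salarytype='".intval($_REQUEST["sat"])."' ,salary='".intval($_REQUEST["sa"])."' WHERE (adminid='".$id."');"))
      exit("1");
    else
      exit(mysql_error());
  }
  // --- co: swap priority with the next admin at or below it (perm 64) -------
  else if (($op === "co") && isset($_REQUEST["id"]) && mod_schedule_can_manage())
  {
    $r = mysql_query("SELECT adminid, priority FROM mod_schedule WHERE priority <= ( SELECT priority FROM mod_schedule WHERE adminid = '".intval($_REQUEST["id"])."' ) ORDER BY priority DESC LIMIT 0,2 ;");
    if ($r && mysql_num_rows($r) > 1)
    {
      $first  = mysql_fetch_assoc($r);
      $second = mysql_fetch_assoc($r);
      // Values come from the database, but cast them before re-use in SQL.
      $u1id = intval($first["adminid"]);  $u1p = intval($first["priority"]);
      $u2id = intval($second["adminid"]); $u2p = intval($second["priority"]);
      // Three-step swap: park the second row at 0, then exchange priorities.
      if (mysql_query("UPDATE mod_schedule SET priority=0 WHERE (adminid='".$u2id."');") && mysql_query("UPDATE mod_schedule SET priority='".$u2p."' WHERE (adminid='".$u1id."');") && mysql_query("UPDATE mod_schedule SET priority='".$u1p."' WHERE (adminid='".$u2id."');"))
        exit("1");
      else
        exit(mysql_error());
    }
    else
      exit();
  }
  // --- show_ar: render the "request a day off" form -------------------------
  else if ($op === "show_ar")
  {
    $query = mysql_query("SELECT firstname,lastname FROM tbladmins WHERE roleid = (SELECT roleid from tbladmins WHERE id = ".intval($_SESSION["adminid"]).")");
    // The shift <select> was never closed in the original markup; it is now.
    echo "<br />
                          <table border='1' cellspacing='0' cellpadding='2'>
                          <tr><td bgcolor='#efefef'><b>Date</b></td><td> Day : <input type='text' name='day' id='day' size='1' maxlength='2' /> Month : <input type='text' name='month' id='month' size='1' maxlength='2' /> Year : <input type='text' name='year' id='year' size='3' maxlength='4' /></td></tr>
			  <tr><td bgcolor='#efefef'><b>Shift</b></td><td>
								<select name='shiftid' id='shiftid'>
								<option value='1' selected>1</option>
								<option value='2'>2</option>
								<option value='3'>3</option>
								<option value='4'>4</option></select></td></tr>
			  <tr><td bgcolor='#efefef'><b>Reason</b></td><td><textarea name='reason' id='reason' cols='61' rows='7'></textarea></td></tr>
			  <tr><td bgcolor='#efefef'><b>Who replace</b></td>
			  <td><select id='replacement'>
					<option value='' selected ></option>";
    if ($query && mysql_num_rows($query))
    {
      while ($temp = mysql_fetch_assoc($query))
      {
        // Admin names are stored data; escape them for attribute and text use.
        $label = mod_schedule_h($temp["lastname"]." ".$temp["firstname"]);
        echo "<option value='".$label."' >".$label."</option>";
      }
    }
    else
    {
      exit(mysql_error());
    }
    echo "</select></td></tr>
			  </table>
			  <input type='hidden' name='adminid' id='adminid' value='".intval($_SESSION["adminid"])."' />
			  <br/><input type='submit' value='submit' onClick='submit_ar()'/>";
  }
  // --- submit_ar: store a pending day-off request ---------------------------
  else if ($op === "submit_ar")
  {
    $adminid = intval(mod_schedule_req("adminid"));
    $shiftid = intval(mod_schedule_req("shiftid"));
    // Day, month and year are cast to integers before the date string is
    // built. The original concatenated the raw request text into the INSERT,
    // and checkdate() on older PHP accepts strings that merely start with
    // digits, so the date parts were an injection point.
    $day   = intval(mod_schedule_req("day"));
    $month = intval(mod_schedule_req("month"));
    $year  = intval(mod_schedule_req("year"));
    $date  = sprintf("%d-%02d-%02d", $year, $month, $day);
    $reason = mysql_real_escape_string(mod_schedule_req("reason"));
    $replacement = (mod_schedule_req("replacement") != "") ? mysql_real_escape_string(mod_schedule_req("replacement")) : "no one";
    if (mod_schedule_req("adminid") == "")
    {
      exit("Adminid mustn't be null.");
    }
    if (mod_schedule_req("shiftid") == "")
    {
      exit("Shiftid mustn't be null.");
    }
    if (mod_schedule_req("reason") == "")
    {
      exit("Reason mustn't be null.");
    }
    if (!checkdate($month, $day, $year))
    {
      exit("Date is invalid.");
    }
    if (mysql_query("INSERT INTO mod_dayoff(adminid,date,shiftid,reason,replacement,status) values ('".$adminid."','".$date."','".$shiftid."','".$reason."','".$replacement."','pending');"))
    {
      exit("1");
    }
    exit(mysql_error());
  }
  // --- show_pr: list the logged-in admin's own requests ---------------------
  else if ($op === "show_pr")
  {
    $query = mysql_query("SELECT * FROM mod_dayoff WHERE adminid=".intval($_SESSION["adminid"]));
    if ($query && mysql_num_rows($query))
    {
      echo "<br/><table border='1' cellspacing='0' cellpadding='2'>
				 <tr bgcolor='#efefef' style='font-weight:bold'>
					<td>ID</td>
					<td>Date</td>
					<td>Shift</td>
					<td>Reason</td>
					<td>Replacement</td>
					<td>Status</td>
					<td>Action</td></tr>";
      $i = 1;
      while ($temp = mysql_fetch_assoc($query))
      {
        // reason and replacement are free text typed by admins, so they are
        // escaped on output to prevent stored script injection.
        echo "<tr>
						<td>".$i++."</td>
						<td>".mod_schedule_h($temp["date"])."</td>
						<td>".mod_schedule_h($temp["shiftid"])."</td>
						<td>".mod_schedule_h($temp["reason"])."</td>
						<td>".mod_schedule_h($temp["replacement"])."</td>
						<td>".mod_schedule_h($temp["status"])."</td>";
        if ($temp["status"] == "pending")
          echo "<td><a onClick='delRequest(".intval($_SESSION["adminid"]).",".mod_schedule_js($temp["date"]).",".intval($temp["shiftid"]).");show_pr()'>cancel</a></td>";
        else
          echo "<td></td>";
        echo "</tr>";
      }
      echo "</table>";
    }
    else
    {
      echo "Nothing";
    }
  }
  // --- delRequest: delete one day-off request -------------------------------
  else if ($op === "delRequest")
  {
    if (mysql_query("DELETE FROM mod_dayoff WHERE adminid= ".intval(mod_schedule_req("adminid"))." AND date='".mysql_real_escape_string(mod_schedule_req("date"))."' AND shiftid=".intval(mod_schedule_req("shiftid")).";"))
    {
      exit("1");
    }
    exit(mysql_error());
  }
  // --- approveRequest / rejectRequest: set the status of one request --------
  else if ($op === "approveRequest" || $op === "rejectRequest")
  {
    // The status text is chosen from two fixed literals, never from the request.
    $status = ($op === "approveRequest") ? "approved" : "rejected";
    if (mysql_query("UPDATE mod_dayoff SET status = '".$status."' WHERE adminid= ".intval(mod_schedule_req("adminid"))." AND date='".mysql_real_escape_string(mod_schedule_req("date"))."' AND shiftid=".intval(mod_schedule_req("shiftid")).";"))
    {
      exit("1");
    }
    exit(mysql_error());
  }
  // --- filter: list day-off requests where one column equals a value --------
  else if ($op === "filter")
  {
    // The column name cannot be escaped like a value, so it must be one of
    // the mod_dayoff columns this file itself writes; the value is escaped.
    // The original placed both request values into the SQL text unmodified.
    // NOTE(review): if a client relies on a non-column expression to list
    // every row, add an explicit "all" case rather than loosening this list.
    $allowed_columns = array("adminid", "date", "shiftid", "reason", "replacement", "status");
    $column = mod_schedule_req("column");
    $value  = mod_schedule_req("value");
    if (!in_array($column, $allowed_columns, true))
    {
      exit("Invalid filter column.");
    }
    $query = mysql_query("SELECT * FROM mod_dayoff WHERE `".$column."`='".mysql_real_escape_string($value)."'");

    // Arguments for the "refresh this view" call appended to each action link.
    $refilter = "filter(".mod_schedule_js($column).",".mod_schedule_js($value).");";

    echo "<div id='dayoff'><table border=1 cellspacing=0 cellpadding=2>
			  <tr bgcolor='#efefef' style='font-weight:bold;text-align:center'>
				  <td width=100>Date</td>
				  <td>Shift</td>
				  <td width=150>Admin</td>
				  <td width=200>Reason</td>
				  <td width=150>Replacement</td>
				  <td>Status</td>
				  <td>Action</td></tr>";
    while ($query && ($temp = mysql_fetch_assoc($query)))
    {
      $owner = mysql_query("SELECT id,firstname,lastname FROM tbladmins WHERE id = ".intval($temp["adminid"]));
      $_temp = $owner ? mysql_fetch_assoc($owner) : false;
      $owner_name = $_temp ? $_temp["lastname"]." ".$_temp["firstname"] : "";

      // Shared "adminid, date, shiftid" argument list for the row's actions.
      $row_args = intval($temp["adminid"]).",".mod_schedule_js($temp["date"]).",".intval($temp["shiftid"]);

      echo "<tr style='text-align:center'>
				  <td><a onClick='filter(\"date\",".mod_schedule_js($temp["date"]).")'>".mod_schedule_h($temp["date"])."</a></td>
				  <td>".mod_schedule_h($temp["shiftid"])."</td>
				  <td><a onClick='filter(\"adminid\",".intval($temp["adminid"]).")'>".mod_schedule_h($owner_name)."</a></td>
				  <td>".mod_schedule_h($temp["reason"])."</td>
				  <td>".mod_schedule_h($temp["replacement"])."</td>
				  <td><a onClick='filter(\"status\",".mod_schedule_js($temp["status"]).")'>".mod_schedule_h($temp["status"])."</a></td>
				  <td><a onClick='delRequest(".$row_args.");".$refilter."'>delete</a>";
      if ($temp["status"] == "pending")
      {
        echo "&nbsp;<a onClick='rejectRequest(".$row_args.");".$refilter."'>reject</a>&nbsp;<a onClick='approveRequest(".$row_args.");".$refilter."'>approve</a>";
      }
      echo "</td></tr>";
    }
  }
}
// Nothing matched, or a view was rendered above: end the response here.
exit();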
?>